** Description changed: Binary package hint: bash Attached is a shell script that was part of a security experiment of mine showing that a fork bomb can be just as easily hidden in a shell script as it can be executed in plain sight using a shell function. - What the script does is cause the script itself to recursively and - indefinitely execute instances of itself. This, unlike a command that is - run as a function in the shell, isn't visible to the user unless opened - in an editor. It can be given any name (even a misleading one) and can - be executed without the user knowing what's lurking inside it. + My findings of this experiment is that the script can be crafted to + recursively and indefinitely execute instances of itself. This, unlike a + command that is run as a function in the shell, isn't visible to the + user unless opened in an editor. It can be given any name (even a + misleading one) and can be executed without the user knowing what's + lurking inside it. It is also dangerous because the script itself can be crafted to perform highly CPU-intensive tasks (or even delete files!) on top of exploding into a million processes. We all know just how much damage this can cause. ProblemType: Bug DistroRelease: Ubuntu 11.04 Package: bash 4.1-2ubuntu4 ProcVersionSignature: Ubuntu 2.6.37-8.21-generic 2.6.37-rc4 Uname: Linux 2.6.37-8-generic i686 Architecture: i386 Date: Sat Dec 11 22:33:24 2010 InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha i386 (20101205) ProcEnviron: - LANG=en_US.utf8 - SHELL=/bin/bash + LANG=en_US.utf8 + SHELL=/bin/bash SourcePackage: bash
** Description changed: Binary package hint: bash Attached is a shell script that was part of a security experiment of mine showing that a fork bomb can be just as easily hidden in a shell script as it can be executed in plain sight using a shell function. - My findings of this experiment is that the script can be crafted to + My findings of this experiment are that the script can be crafted to recursively and indefinitely execute instances of itself. This, unlike a command that is run as a function in the shell, isn't visible to the user unless opened in an editor. It can be given any name (even a misleading one) and can be executed without the user knowing what's lurking inside it. It is also dangerous because the script itself can be crafted to perform highly CPU-intensive tasks (or even delete files!) on top of exploding into a million processes. We all know just how much damage this can cause. ProblemType: Bug DistroRelease: Ubuntu 11.04 Package: bash 4.1-2ubuntu4 ProcVersionSignature: Ubuntu 2.6.37-8.21-generic 2.6.37-rc4 Uname: Linux 2.6.37-8-generic i686 Architecture: i386 Date: Sat Dec 11 22:33:24 2010 InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha i386 (20101205) ProcEnviron: LANG=en_US.utf8 SHELL=/bin/bash SourcePackage: bash -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/689176 Title: Fork bombs can just as easily be coded into shell scripts as they can into bomb functions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
